Lucene search

[email protected]CVE-2017-17449

HistoryDec 07, 2017 - 12:29 a.m.

CVE-2017-17449

2017-12-0700:29:00

CWE-200

[email protected]

web.nvd.nist.gov

148

linux

kernel

vulnerability

netlink

nvd

security

cve-2017-17449

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤4.14.4

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle4.14.4

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	4.14.4

References

www.securityfocus.com/bid/102122

access.redhat.com/errata/RHSA-2018:0654

access.redhat.com/errata/RHSA-2018:0676

access.redhat.com/errata/RHSA-2018:1062

access.redhat.com/errata/RHSA-2018:1130

access.redhat.com/errata/RHSA-2018:1170

lkml.org/lkml/2017/12/5/950

source.android.com/security/bulletin/pixel/2018-04-01

usn.ubuntu.com/3619-1/

usn.ubuntu.com/3619-2/

usn.ubuntu.com/3653-1/

usn.ubuntu.com/3653-2/

usn.ubuntu.com/3655-1/

usn.ubuntu.com/3655-2/

usn.ubuntu.com/3657-1/

www.debian.org/security/2017/dsa-4073

www.debian.org/security/2018/dsa-4082

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

Related for CVE-2017-17449